Caching-Only Proxy Server Does Not Pass Authentication Request from Firewall (286227)
The information in this article applies to:
- Microsoft Proxy Server 2.0
This article was previously published under Q286227 SYMPTOMS
When you are implementing a caching-only Microsoft Proxy Server 2.0 that is behind a third-party firewall program, the Proxy Server may not pass to the client's browser the authentication request that is required by the firewall.
CAUSE
This behavior can occur because HTTP 1.1 does not support authentication over multiple hops. Therefore, the firewall's authentication challenge does not reach the client's browser.
RESOLUTION
To work around this behavior, set the firewall as the upstream proxy, and configure the Proxy Server with a username and password that will be used for all upstream connections. This username and password will be passed to the firewall by the Proxy Server on behalf of the clients. - In Microsoft Management Console (MMC) on the Proxy Server, right-click Web Proxy, and then click Properties.
- Click the Routing tab.
- Under Upstream Routing, click Use Web Proxy or Array.
- Click Modify.
- Type the IP address of the firewall that will be used as the upstream proxy.
- Click Use Credentials to Communicate with Upstream Proxy or Array.
- Specify the username and password you want to use to communicate with the upstream proxy (firewall).
- Click the Permissions tab to enable access control, and then grant access to the appropriate users and groups.
| Modification Type: | Major | Last Reviewed: | 2/2/2001 |
|---|
| Keywords: | kbprb KB286227 |
|---|
|